ibm-cloud-sdk-core 5.0.1 → 5.1.0

package/auth/token-managers/iam-assume-token-manager.js

@@ -0,0 +1,220 @@
+"use strict";
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IamAssumeTokenManager = void 0;
+var helpers_1 = require("../utils/helpers");
+var build_user_agent_1 = require("../../lib/build-user-agent");
+var iam_request_based_token_manager_1 = require("./iam-request-based-token-manager");
+var iam_token_manager_1 = require("./iam-token-manager");
+/**
+ * The IamAssumeTokenManager takes an api key, along with trusted profile information, and performs
+ * the necessary interactions with the IAM token service to obtain and store a suitable bearer token
+ * that "assumes" the identify of the trusted profile.
+ */
+var IamAssumeTokenManager = /** @class */ (function (_super) {
+    __extends(IamAssumeTokenManager, _super);
+    /**
+     *
+     * Create a new IamAssumeTokenManager instance.
+     *
+     * @param options - Configuration options.
+     * This should be an object containing these fields:
+     * - apikey: (required) the IAM api key
+     * - iamProfileId: (optional) the ID of the trusted profile to use
+     * - iamProfileCrn: (optional) the CRN of the trusted profile to use
+     * - iamProfileName: (optional) the name of the trusted profile to use (must be specified with iamAccountId)
+     * - iamAccountId: (optional) the ID of the account the trusted profile is in (must be specified with iamProfileName)
+     * - url: (optional) the endpoint URL for the IAM token service (default value: "https://iam.cloud.ibm.com")
+     * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
+     * should be disabled or not
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service
+     * - clientId: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - clientSecret: (optional) the "clientId" and "clientSecret" fields are used to form a Basic
+     * Authorization header to be included in each request to the token service
+     * - scope: (optional) the "scope" parameter to use when fetching the bearer token from the token service
+     *
+     * @throws Error: the configuration options are not valid.
+     */
+    function IamAssumeTokenManager(options) {
+        var _this = _super.call(this, options) || this;
+        _this.requiredOptions = ['apikey'];
+        // This just verifies that the API key is provided and is free of common issues.
+        (0, helpers_1.validateInput)(options, _this.requiredOptions);
+        // This validates the assume-specific fields.
+        // Only one of the following three options may be specified.
+        if (!(0, helpers_1.onlyOne)(options.iamProfileId, options.iamProfileCrn, options.iamProfileName)) {
+            throw new Error('Exactly one of `iamProfileName`, `iamProfileCrn`, or `iamProfileId` must be specified.');
+        }
+        // `iamAccountId` may only be specified if `iamProfileName` is also specified.
+        if (Boolean(options.iamProfileName) !== Boolean(options.iamAccountId)) {
+            throw new Error('`iamProfileName` and `iamAccountId` must be provided together, or not at all.');
+        }
+        // Set class variables from options. If they are 'undefined' in options,
+        // they won't be changed, as they are 'undefined' to begin with.
+        _this.iamProfileId = options.iamProfileId;
+        _this.iamProfileCrn = options.iamProfileCrn;
+        _this.iamProfileName = options.iamProfileName;
+        _this.iamAccountId = options.iamAccountId;
+        _this.iamDelegate = options.iamDelegate;
+        // Create an instance of the IamTokenManager, which will be used to obtain
+        // an IAM access token for use in the "assume" token exchange. Most option
+        // names are shared between these token manager, and extraneous options will
+        // be ignored, so we can pass the options structure to that constructor as-is.
+        _this.iamDelegate = new iam_token_manager_1.IamTokenManager(options);
+        // These options are used by the delegate token manager
+        // but they are not supported by this token manager.
+        _this.clientId = undefined;
+        _this.clientSecret = undefined;
+        _this.scope = undefined;
+        // Set the grant type and user agent for this flavor of authentication.
+        _this.formData.grant_type = 'urn:ibm:params:oauth:grant-type:assume';
+        _this.userAgent = (0, build_user_agent_1.buildUserAgent)('iam-assume-authenticator');
+        return _this;
+    }
+    /**
+     * Request an IAM token using a standard access token and a trusted profile.
+     */
+    IamAssumeTokenManager.prototype.requestToken = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var _a;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0:
+                        // First, retrieve a standard IAM access token from the delegate and set it in the form data.
+                        _a = this.formData;
+                        return [4 /*yield*/, this.iamDelegate.getToken()];
+                    case 1:
+                        // First, retrieve a standard IAM access token from the delegate and set it in the form data.
+                        _a.access_token = _b.sent();
+                        if (this.iamProfileCrn) {
+                            this.formData.profile_crn = this.iamProfileCrn;
+                        }
+                        else if (this.iamProfileId) {
+                            this.formData.profile_id = this.iamProfileId;
+                        }
+                        else {
+                            this.formData.profile_name = this.iamProfileName;
+                            this.formData.account = this.iamAccountId;
+                        }
+                        return [2 /*return*/, _super.prototype.requestToken.call(this)];
+                }
+            });
+        });
+    };
+    /**
+     * Extend this method from the parent class to erase the refresh token from
+     * the class - we do not want to expose it for IAM Assume authentication.
+     *
+     * @param tokenResponse - the response object from JWT service request
+     */
+    IamAssumeTokenManager.prototype.saveTokenInfo = function (tokenResponse) {
+        _super.prototype.saveTokenInfo.call(this, tokenResponse);
+        this.refreshToken = undefined;
+    };
+    // Override the inherited "setters". This token manager does not store these options
+    // but they can adjust properties on the stored IAM delegate.
+    /**
+     * Sets the IAM "scope" value.
+     * This value is sent as the "scope" form parameter in the IAM delegate request.
+     *
+     * @param scope - a space-separated string that contains one or more scope names
+     */
+    IamAssumeTokenManager.prototype.setScope = function (scope) {
+        this.iamDelegate.setScope(scope);
+    };
+    /**
+     * Sets the IAM "clientId" and "clientSecret" values for the IAM delegate.
+     *
+     * @param clientId - the client id.
+     * @param clientSecret - the client secret.
+     */
+    IamAssumeTokenManager.prototype.setClientIdAndSecret = function (clientId, clientSecret) {
+        this.iamDelegate.setClientIdAndSecret(clientId, clientSecret);
+    };
+    /**
+     * Sets the "disableSslVerification" property for the IAM delegate.
+     *
+     * @param value - the new value for the disableSslVerification property
+     */
+    IamAssumeTokenManager.prototype.setDisableSslVerification = function (value) {
+        _super.prototype.setDisableSslVerification.call(this, value);
+        this.iamDelegate.setDisableSslVerification(value);
+    };
+    /**
+     * Sets the headers to be included in the IAM delegate's requests.
+     *
+     * @param headers - the set of headers to send with each request to the token server
+     */
+    IamAssumeTokenManager.prototype.setHeaders = function (headers) {
+        _super.prototype.setHeaders.call(this, headers);
+        this.iamDelegate.setHeaders(headers);
+    };
+    return IamAssumeTokenManager;
+}(iam_request_based_token_manager_1.IamRequestBasedTokenManager));
+exports.IamAssumeTokenManager = IamAssumeTokenManager;

package/auth/token-managers/iam-request-based-token-manager.d.ts

@@ -28,9 +28,9 @@ export interface IamRequestOptions extends JwtTokenManagerOptions {
  * class be extended with specific implementations.
  */
 export declare class IamRequestBasedTokenManager extends JwtTokenManager {
-    private clientId;
-    private clientSecret;
-    private scope;
+    protected clientId: string;
+    protected clientSecret: string;
+    protected scope: string;
     protected refreshToken: string;
     protected formData: any;
     /**
@@ -70,12 +70,6 @@ export declare class IamRequestBasedTokenManager extends JwtTokenManager {
      * @param clientSecret - the client secret.
      */
     setClientIdAndSecret(clientId: string, clientSecret: string): void;
-    /**
-     * Returns the most recently stored refresh token.
-     *
-     * @returns the refresh token
-     */
-    getRefreshToken(): string;
     /**
      * Extend this method from the parent class to extract the refresh token from
      * the request and save it.

package/auth/token-managers/iam-request-based-token-manager.js

@@ -120,14 +120,6 @@ var IamRequestBasedTokenManager = /** @class */ (function (_super) {
             logger_1.default.warn(CLIENT_ID_SECRET_WARNING);
         }
     };
-    /**
-     * Returns the most recently stored refresh token.
-     *
-     * @returns the refresh token
-     */
-    IamRequestBasedTokenManager.prototype.getRefreshToken = function () {
-        return this.refreshToken;
-    };
     /**
      * Extend this method from the parent class to extract the refresh token from
      * the request and save it.
@@ -168,7 +160,11 @@ var IamRequestBasedTokenManager = /** @class */ (function (_super) {
                 rejectUnauthorized: !this.disableSslVerification,
             },
         };
-        return this.requestWrapperInstance.sendRequest(parameters);
+        logger_1.default.debug("Invoking IAM get_token operation: ".concat(parameters.options.url));
+        return this.requestWrapperInstance.sendRequest(parameters).then(function (response) {
+            logger_1.default.debug('Returned from IAM get_token operation');
+            return response;
+        });
     };
     /**
      * Returns true iff the currently-cached IAM access token is expired.

package/auth/token-managers/iam-token-manager.d.ts

@@ -19,8 +19,8 @@ interface Options extends IamRequestOptions {
     apikey: string;
 }
 /**
- * The IAMTokenManager takes an api key and performs the necessary interactions with
- * the IAM token service to obtain and store a suitable bearer token. Additionally, the IAMTokenManager
+ * The IamTokenManager takes an api key and performs the necessary interactions with
+ * the IAM token service to obtain and store a suitable bearer token. Additionally, the IamTokenManager
  * will retrieve bearer tokens via basic auth using a supplied "clientId" and "clientSecret" pair.
  */
 export declare class IamTokenManager extends IamRequestBasedTokenManager {
@@ -46,5 +46,11 @@ export declare class IamTokenManager extends IamRequestBasedTokenManager {
      * @throws Error: the configuration options are not valid.
      */
     constructor(options: Options);
+    /**
+     * Returns the most recently stored refresh token.
+     *
+     * @returns the refresh token
+     */
+    getRefreshToken(): string;
 }
 export {};

package/auth/token-managers/iam-token-manager.js

@@ -35,8 +35,8 @@ var helpers_1 = require("../utils/helpers");
 var build_user_agent_1 = require("../../lib/build-user-agent");
 var iam_request_based_token_manager_1 = require("./iam-request-based-token-manager");
 /**
- * The IAMTokenManager takes an api key and performs the necessary interactions with
- * the IAM token service to obtain and store a suitable bearer token. Additionally, the IAMTokenManager
+ * The IamTokenManager takes an api key and performs the necessary interactions with
+ * the IAM token service to obtain and store a suitable bearer token. Additionally, the IamTokenManager
  * will retrieve bearer tokens via basic auth using a supplied "clientId" and "clientSecret" pair.
  */
 var IamTokenManager = /** @class */ (function (_super) {
@@ -72,6 +72,14 @@ var IamTokenManager = /** @class */ (function (_super) {
         _this.userAgent = (0, build_user_agent_1.buildUserAgent)('iam-authenticator');
         return _this;
     }
+    /**
+     * Returns the most recently stored refresh token.
+     *
+     * @returns the refresh token
+     */
+    IamTokenManager.prototype.getRefreshToken = function () {
+        return this.refreshToken;
+    };
     return IamTokenManager;
 }(iam_request_based_token_manager_1.IamRequestBasedTokenManager));
 exports.IamTokenManager = IamTokenManager;

package/auth/token-managers/index.d.ts

@@ -16,8 +16,8 @@
 /**
  * @module token-managers
  * The ibm-cloud-sdk-core module supports the following types of token authentication:
- *
- * Identity and Access Management (IAM)
+ * Identity and Access Management (IAM, grant type: apikey)
+ * Identity and Access Management (IAM, grant type: assume)
  * Cloud Pak for Data
  * Container (IKS, etc)
  * VPC Instance
@@ -28,6 +28,7 @@
  *
  * classes:
  *   IamTokenManager: Token Manager of IAM via apikey.
+ *   IamAssumeTokenManager: Token Manager of IAM via apikey and trusted profile.
  *   Cp4dTokenManager: Token Manager of CloudPak for data.
  *   ContainerTokenManager: Token manager of IAM via compute resource token.
  *   VpcInstanceTokenManager: Token manager of VPC Instance Metadata Service API tokens.
@@ -42,3 +43,4 @@ export { JwtTokenManager, JwtTokenManagerOptions } from './jwt-token-manager';
 export { TokenManager, TokenManagerOptions } from './token-manager';
 export { VpcInstanceTokenManager } from './vpc-instance-token-manager';
 export { McspTokenManager } from './mcsp-token-manager';
+export { IamAssumeTokenManager } from './iam-assume-token-manager';

package/auth/token-managers/index.js

@@ -15,12 +15,12 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.McspTokenManager = exports.VpcInstanceTokenManager = exports.TokenManager = exports.JwtTokenManager = exports.IamRequestBasedTokenManager = exports.ContainerTokenManager = exports.Cp4dTokenManager = exports.IamTokenManager = void 0;
+exports.IamAssumeTokenManager = exports.McspTokenManager = exports.VpcInstanceTokenManager = exports.TokenManager = exports.JwtTokenManager = exports.IamRequestBasedTokenManager = exports.ContainerTokenManager = exports.Cp4dTokenManager = exports.IamTokenManager = void 0;
 /**
  * @module token-managers
  * The ibm-cloud-sdk-core module supports the following types of token authentication:
- *
- * Identity and Access Management (IAM)
+ * Identity and Access Management (IAM, grant type: apikey)
+ * Identity and Access Management (IAM, grant type: assume)
  * Cloud Pak for Data
  * Container (IKS, etc)
  * VPC Instance
@@ -31,6 +31,7 @@ exports.McspTokenManager = exports.VpcInstanceTokenManager = exports.TokenManage
  *
  * classes:
  *   IamTokenManager: Token Manager of IAM via apikey.
+ *   IamAssumeTokenManager: Token Manager of IAM via apikey and trusted profile.
  *   Cp4dTokenManager: Token Manager of CloudPak for data.
  *   ContainerTokenManager: Token manager of IAM via compute resource token.
  *   VpcInstanceTokenManager: Token manager of VPC Instance Metadata Service API tokens.
@@ -53,3 +54,5 @@ var vpc_instance_token_manager_1 = require("./vpc-instance-token-manager");
 Object.defineProperty(exports, "VpcInstanceTokenManager", { enumerable: true, get: function () { return vpc_instance_token_manager_1.VpcInstanceTokenManager; } });
 var mcsp_token_manager_1 = require("./mcsp-token-manager");
 Object.defineProperty(exports, "McspTokenManager", { enumerable: true, get: function () { return mcsp_token_manager_1.McspTokenManager; } });
+var iam_assume_token_manager_1 = require("./iam-assume-token-manager");
+Object.defineProperty(exports, "IamAssumeTokenManager", { enumerable: true, get: function () { return iam_assume_token_manager_1.IamAssumeTokenManager; } });

package/auth/token-managers/mcsp-token-manager.js

@@ -38,6 +38,7 @@ var extend_1 = __importDefault(require("extend"));
 var helpers_1 = require("../utils/helpers");
 var build_user_agent_1 = require("../../lib/build-user-agent");
 var jwt_token_manager_1 = require("./jwt-token-manager");
+var logger_1 = __importDefault(require("../../lib/logger"));
 /**
  * This is the path associated with the operation used to obtain
  * an access token from the MCSP token service.
@@ -90,7 +91,11 @@ var McspTokenManager = /** @class */ (function (_super) {
                 rejectUnauthorized: !this.disableSslVerification,
             },
         };
-        return this.requestWrapperInstance.sendRequest(parameters);
+        logger_1.default.debug("Invoking MCSP token service operation: ".concat(parameters.options.url));
+        return this.requestWrapperInstance.sendRequest(parameters).then(function (response) {
+            logger_1.default.debug('Returned from MCSP token service operation');
+            return response;
+        });
     };
     return McspTokenManager;
 }(jwt_token_manager_1.JwtTokenManager));

package/auth/token-managers/token-manager.js

@@ -49,11 +49,13 @@ var TokenManager = /** @class */ (function () {
     TokenManager.prototype.getToken = function () {
         var _this = this;
         if (!this.accessToken || this.isTokenExpired()) {
-            // 1. request a new token
+            // 1. Need a new token.
+            logger_1.default.debug('Performing synchronous token refresh');
             return this.pacedRequestToken().then(function () { return _this.accessToken; });
         }
-        // If refresh needed, kick one off
         if (this.tokenNeedsRefresh()) {
+            // 2. Need to refresh the current (valid) token.
+            logger_1.default.debug('Performing background asynchronous token fetch');
             this.requestToken().then(function (tokenResponse) {
                 _this.saveTokenInfo(tokenResponse);
             }, function (err) {
@@ -67,7 +69,9 @@ var TokenManager = /** @class */ (function () {
                 logger_1.default.debug(err);
             });
         }
-        // 2. use valid, managed token
+        else {
+            logger_1.default.debug('Using cached access token');
+        }
         return Promise.resolve(this.accessToken);
     };
     /**

package/auth/token-managers/vpc-instance-token-manager.js

@@ -162,7 +162,10 @@ var VpcInstanceTokenManager = /** @class */ (function (_super) {
                             },
                         };
                         logger_1.default.debug("Invoking VPC 'create_iam_token' operation: ".concat(parameters.options.url));
-                        return [2 /*return*/, this.requestWrapperInstance.sendRequest(parameters)];
+                        return [2 /*return*/, this.requestWrapperInstance.sendRequest(parameters).then(function (response) {
+                                logger_1.default.debug("Returned from VPC 'create_iam_token' operation");
+                                return response;
+                            })];
                 }
             });
         });

package/auth/utils/get-authenticator-from-environment.js

@@ -81,6 +81,9 @@ function getAuthenticatorFromEnvironment(serviceName) {
     else if (authType === authenticators_1.Authenticator.AUTHTYPE_IAM.toLowerCase()) {
         authenticator = new authenticators_1.IamAuthenticator(credentials);
     }
+    else if (authType === authenticators_1.Authenticator.AUTHTYPE_IAM_ASSUME.toLowerCase()) {
+        authenticator = new authenticators_1.IamAssumeAuthenticator(credentials);
+    }
     else if (authType === authenticators_1.Authenticator.AUTHTYPE_CONTAINER.toLowerCase()) {
         authenticator = new authenticators_1.ContainerAuthenticator(credentials);
     }

package/auth/utils/helpers.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2022.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,17 +43,6 @@ export declare function validateInput(options: any, requiredOptions: string[]):
  * @returns the current time in seconds.
  */
 export declare function getCurrentTime(): number;
-/**
- * Checks for only one of two elements being defined.
- * Returns true if a is defined and b is undefined,
- * or vice versa. Returns false if both are defined
- * or both are undefined.
- *
- * @param a - The first object
- * @param b - The second object
- * @returns true if and only if exactly one of a or b is defined
- */
-export declare function onlyOne(a: any, b: any): boolean;
 /**
  * Removes a given suffix if it exists.
  *
@@ -64,20 +53,26 @@ export declare function onlyOne(a: any, b: any): boolean;
  */
 export declare function removeSuffix(str: string, suffix: string): string;
 /**
- * Checks for at least one of two elements being defined.
+ * Checks that exactly one of the arguments provided is defined.
+ * Returns true if one argument is defined. Returns false if no
+ * argument are defined or if 2 or more are defined.
  *
- * @param a - the first object
- * @param b - the second object
- * @returns true if a or b is defined; false if both are undefined
+ * @param args - The spread of arguments to check
+ * @returns true if and only if exactly one argument is defined
  */
-export declare function atLeastOne(a: any, b: any): boolean;
+export declare function onlyOne(...args: any): boolean;
 /**
- * Verifies that both properties are not specified.
+ * Checks for at least one of the given elements being defined.
  *
- * @param a - The first object
- * @param b - The second object
+ * @param args - The spread of arguments to check
+ * @returns true if one or more are defined; false if all are undefined
+ */
+export declare function atLeastOne(...args: any): boolean;
+/**
+ * Verifies that no more than one of the given elements are defined.
+ * Returns true if one or none are defined, and false otherwise.
  *
- * @returns  false if a and b are both defined, true otherwise
-
+ * @param args - The spread of arguments to check
+ * @returns  false if more than one elements are defined, true otherwise
  */
-export declare function atMostOne(a: any, b: any): boolean;
+export declare function atMostOne(...args: any): boolean;

package/auth/utils/helpers.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * (C) Copyright IBM Corp. 2019, 2022.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.atMostOne = exports.atLeastOne = exports.removeSuffix = exports.onlyOne = exports.getCurrentTime = exports.validateInput = exports.checkCredentials = exports.computeBasicAuthHeader = void 0;
+exports.atMostOne = exports.atLeastOne = exports.onlyOne = exports.removeSuffix = exports.getCurrentTime = exports.validateInput = exports.checkCredentials = exports.computeBasicAuthHeader = void 0;
 var helper_1 = require("../../lib/helper");
 /**
  * Compute and return a Basic Authorization header from a username and password.
@@ -87,20 +87,6 @@ function getCurrentTime() {
     return Math.floor(Date.now() / 1000);
 }
 exports.getCurrentTime = getCurrentTime;
-/**
- * Checks for only one of two elements being defined.
- * Returns true if a is defined and b is undefined,
- * or vice versa. Returns false if both are defined
- * or both are undefined.
- *
- * @param a - The first object
- * @param b - The second object
- * @returns true if and only if exactly one of a or b is defined
- */
-function onlyOne(a, b) {
-    return Boolean((a && !b) || (b && !a));
-}
-exports.onlyOne = onlyOne;
 /**
  * Removes a given suffix if it exists.
  *
@@ -117,26 +103,60 @@ function removeSuffix(str, suffix) {
 }
 exports.removeSuffix = removeSuffix;
 /**
- * Checks for at least one of two elements being defined.
+ * Checks that exactly one of the arguments provided is defined.
+ * Returns true if one argument is defined. Returns false if no
+ * argument are defined or if 2 or more are defined.
  *
- * @param a - the first object
- * @param b - the second object
- * @returns true if a or b is defined; false if both are undefined
+ * @param args - The spread of arguments to check
+ * @returns true if and only if exactly one argument is defined
  */
-function atLeastOne(a, b) {
-    return Boolean(a || b);
+function onlyOne() {
+    var args = [];
+    for (var _i = 0; _i < arguments.length; _i++) {
+        args[_i] = arguments[_i];
+    }
+    return countDefinedArgs(args) === 1;
 }
-exports.atLeastOne = atLeastOne;
+exports.onlyOne = onlyOne;
 /**
- * Verifies that both properties are not specified.
+ * Checks for at least one of the given elements being defined.
  *
- * @param a - The first object
- * @param b - The second object
+ * @param args - The spread of arguments to check
+ * @returns true if one or more are defined; false if all are undefined
+ */
+function atLeastOne() {
+    var args = [];
+    for (var _i = 0; _i < arguments.length; _i++) {
+        args[_i] = arguments[_i];
+    }
+    return countDefinedArgs(args) >= 1;
+}
+exports.atLeastOne = atLeastOne;
+/**
+ * Verifies that no more than one of the given elements are defined.
+ * Returns true if one or none are defined, and false otherwise.
  *
- * @returns  false if a and b are both defined, true otherwise
-
+ * @param args - The spread of arguments to check
+ * @returns  false if more than one elements are defined, true otherwise
  */
-function atMostOne(a, b) {
-    return Boolean(!(a && b));
+function atMostOne() {
+    var args = [];
+    for (var _i = 0; _i < arguments.length; _i++) {
+        args[_i] = arguments[_i];
+    }
+    return countDefinedArgs(args) <= 1;
 }
 exports.atMostOne = atMostOne;
+/**
+ * Takes a list of anything (intended to be the arguments passed to one of the
+ * argument checking functions above) and returns how many elements in that
+ * list are not undefined.
+ */
+function countDefinedArgs(args) {
+    return args.reduce(function (total, arg) {
+        if (arg) {
+            total += 1;
+        }
+        return total;
+    }, 0);
+}

package/auth/utils/read-external-sources.js

@@ -48,6 +48,7 @@ function getProperties(serviceName) {
     // 3. VCAP Services (Cloud Foundry)
     // only get properties from one source, return null if none found
     var properties = null;
+    logger_1.default.debug("Retrieving config properties for service '".concat(serviceName, "'"));
     properties = filterPropertiesByServiceName((0, file_reading_helpers_1.readCredentialsFile)(), serviceName);
     if ((0, helper_1.isEmptyObject)(properties)) {
         properties = filterPropertiesByServiceName(process.env, serviceName);
@@ -55,6 +56,7 @@ function getProperties(serviceName) {
     if ((0, helper_1.isEmptyObject)(properties)) {
         properties = getPropertiesFromVCAP(serviceName);
     }
+    logger_1.default.debug("Retrieved ".concat(Object.keys(properties).length, " properties"));
     return properties;
 }
 /**